2004 Fall LERSAIS Seminar Schedule

 

Time: 2:00PM - 3:30PM, Friday

Venue: Room 404 Information Science Building

 

| # | Date | Speaker | Title |
|---|------|---------|-------|
| 1 | September 24 | Gail Joon Ahn | Secure Information Sharing within a Collaborative Environment |
| 2 | October 15 | Alessandro Acquisti | Privacy, Economics, and Immediate Gratification: Theory and Data. |
| 3 | October 21 | David Holtzman | Information Assurance |
| 4 | October 29 | Bill Oblitey & Rose Shumba | Minimizing Computer Security Threats. |
| 5 | November 12 | Burt Kaliski | RFID Privacy: Challenges and Progress |
| 6 | December 3 | Robert Wagner | The Reality of Implementing IT Security |
| 7 | December 10 | Trent Jaeger | Linux Security Analysis Project |

 

                         


 

 

September 24

 

Speaker

Gail Joon Ahn

Assistant Professor,

Department of Software and Information Systems,

University of North Carolina, Charlotte


 

Title

Secure Information Sharing within a Collaborative Environment

 

 

Abstract:

 

The Internet is uniquely and strategically positioned to address the needs of a growing segment of the population in a very cost-effective way. It provides tremendous connectivity and immense information sharing capability which the organizations can use for their competitive advantage. Several organizations have transited from their old and disparate business models based on ink and paper to new, consolidated ones based on digital information on the Internet. However, information sharing on the Internet usually occurs in broad, highly dynamic network-based environments, and formally accessing the resources in a secure manner poses a difficult challenge. Balancing the competing goals of collaboration and security is difficult because interaction in collaborative systems is targeted towards making people, information, and resources available to all who need it, whereas information security seeks to ensure the integrity of these elements while providing it only to those with proper authorization. As organizations implement information strategies that call for sharing access to resources in the networked environment, mechanisms must be provided to protect the resources from adversaries.

This talk addresses the issue of how to advocate selective information sharing in collaborative systems through access control schemes while minimizing the risks of unauthorized access, by proposing a delegation framework. It also introduces a systematic approach to specify delegation and revocation policies using a set of rules. The feasibility of the proposed framework is also discussed through policy specification, enforcement, and a proof-of-concept implementation.

Biography:

 

Gail-Joon Ahn is an assistant professor in the Software and Information Systems Department at the University of North Carolina at Charlotte and a coordinator of the Laboratory of Information Integration, Security and Privacy, which has been designated as a Center of Academic Excellence in Information Assurance Education by the National Security Agency. His principal research and teaching interests are in information and systems security. Ahn received PhD and MS degrees from George Mason University, Fairfax, Virginia, and a BS degree in Computer Science from SoongSil University, Seoul, Korea. His research foci include access control, security architecture for distributed objects, and secure e-commerce systems, and his research has been supported by NSF, NSA, DoD, DoE, Bank of America, Hewlett Packard, Microsoft and Robert Wood Johnson Foundation. Ahn is currently an information director of the ACM Special Interest Group on Security, Audit and Control (SIGSAC) and he is a recipient of the Department of Energy Early Career Principal Investigator Award.

 

More information may be found at: http://www.sis.uncc.edu/~gahn/

 

 

 


 

October 15

 

Speaker

Alessandro Acquisti

Assistant Professor, H. John Heinz III
School of Public Policy and Management, Carnegie Mellon University

 

Title

Privacy, Economics, and Immediate Gratification: Theory and Data.

Abstract:

Behind a privacy intrusion there is often an economic trade-off. The reduction of the cost of storing and manipulating information has led organizations to capture increasing amounts of data about individual behavior. The hunger for customization and usability has led individuals to reveal more about themselves to other parties. New trade-offs have emerged in which privacy, economics, and technology are inextricably linked: individuals want to avoid the misuse of the information they pass along to others, but they also want to share enough information to achieve satisfactory interactions; organizations want to know more about the parties with which they interact, but they do not want to alienate them with policies deemed as intrusive.

Is there a combination of economic incentives and technological solutions to privacy issues that is acceptable for the individual and beneficial to society? Is there a sweet spot that satisfies the interests of all parties?
 

Biography:

 

Alessandro Acquisti is an Assistant Professor of Information Technology and Public Policy at the H. John Heinz III School of Public Policy and Management, Carnegie Mellon University, and a Research Fellow at the Institute for the Study of Labor (IZA). His work investigates the social impact of IT, and in particular the interaction and interconnection of human and artificial agents in highly networked information economies. His current research focuses on the economics of computers and AI, the economics of privacy and information security, ecommerce, cryptography, agent-based simulations, and computational economics. His research in these areas has been disseminated through journals, books, and leading international conferences.

Prior to joining CMU Faculty, Alessandro Acquisti researched at the Xerox PARC labs in Palo Alto, CA, with Bernardo Huberman and the Internet Ecologies Group; at JP Morgan London, Emerging Markets Research, with Arnab Das; and for two years at RIACS, NASA Ames Research Center, in Mountain View, CA, with Maarten Sierhuis and Bill Clancey. At RIACS, he worked on agent-based simulations of human-robot interaction onboard the International Space Station.

In 2000 he co-founded PGuardian Technologies, Inc., a provider of Internet security and privacy services, for which he designed two currently pending patents.

 

 

More information may be found at: http://www.heinz.cmu.edu/~acquisti/


 


 

October 21

 

Speaker

David H. Holtzman

 

 

Title

Information Assurance

Abstract: (coming soon)

 

Biography:

As CTO of Network Solutions and Manager of the Internet's master root server during the late 1990's, Mr. Holtzman not only oversaw the growth of the commercial Internet from 500,000 domain names to over 20 million, he also led the way in imagining and inventing a world in which technology positively impacts every facet of human life.

Mr. Holtzman began his long and distinguished career in the field of technology with the United States Navy as a cryptographic analyst and submariner, and at the Defense Special Missile and Astronautics Center as an intelligence analyst.  Mr. Holtzman's main area of interest today is understanding the layers between technology and society. As editor of a monthly publication called GlobalPOV, he collaborates with business, technology, and political leaders from around the world to clarify the specific ways that technology is changing notions like privacy, identity, and intellectual property.  Mr. Holtzman holds a bachelor of arts in Philosophy from the College of General Studies, University of Pittsburgh, and a bachelor of science in Computer Science from the University of Maryland.

 

More information may be found at:

 

 


 

 

October 29

 

Speaker

Bill Oblitey & Rose Shumba

 

Title

Minimizing Computer Security Threats.

Abstract:

Computers are now interconnected and we now live in times when it is almost unheard of for someone to possess a computer with no means of connecting to a network, let alone the Internet. However, several problems have arisen in computer networking and the major problem is with securing the network and the devices that comprise the network. 


In our presentation, we will address what we are doing at IUP to help combat these problems.

 

 


 

November 12

 

 

Speaker

Burt Kaliski

Chief Scientist and Director
RSA Laboratories
174 Middlesex Turnpike
Bedford, MA 01730, USA

 

 

Title

RFID Privacy: Challenges and Progress

Abstract:

Recent proposals for widespread deployment of Radio Frequency Identification (RFID) systems have raised significant concerns about consumer privacy. With current low-cost tag technology, these concerns are somewhat unavoidable, as the tags aren't designed to differentiate between authorized readers and unauthorized ones, and likewise the readers can't directly distinguish between tags they're allowed to scan and those they aren't. Moreover, the privacy risks for consumers translate directly into the potential for industrial espionage in supply-chain implementations, undermining the competitive advantages that businesses aim to realize by deploying RFID systems in the first place. In this talk, I'll outline some of the recent research results in RFID privacy that attempt to address these concerns without significantly impacting the cost of the tags. (First presented at ISSE 2004.)
 

Biography:

Dr. Burt Kaliski is chief scientist of RSA Security and director of RSA Laboratories, the research center of RSA Security. After receiving a Ph.D. in computer science from MIT, Burt joined RSA Security in 1989 when it was a startup, and in 1991 helped launch RSA Laboratories. He has been involved extensively in the development of cryptographic standards, as a contributor, editor, and working group chair, with particular emphasis on the Public-Key Cryptography Standards (PKCS), IEEE P1363, and ANSI X9F1. Burt has also served as general chair of CRYPTO '91 and as program chair of CRYPTO '97 and CHES 2002.
 

 

More information may be found at: http://www.rsasecurity.com/rsalabs/node.asp?id=2017

 

 

 


 

December 3

 

Speaker

Robert Wagner

Director, IT Security and Operations Continuity

PPG Industries, Inc.

 

Title

The Reality of Implementing IT Security

 

Abstract:

 

Established in 1883, PPG Industries is a leading diversified manufacturer that supplies products and services around the world. The company makes protective and decorative coatings, sealants, adhesives, metal pretreatment products, flat glass, fabricated glass products, continuous-strand fiber glass products, and industrial and specialty chemicals - including photochromic ophthalmic lenses, optical monomers, silicas and fine chemicals. With headquarters in Pittsburgh, PPG has 108 manufacturing facilities and equity affiliates in Argentina, Australia, Brazil, Canada, China, England, France, Germany, India, Ireland, Italy, Japan, Malaysia, Mexico, the Netherlands, the Philippines, South Korea, Spain, Taiwan, Thailand, Turkey, the United States and Venezuela.

Mr. Wagner will discuss implementing IT Security at PPG. Although there are thousands of IT Security risks, and thousands of IT Security products and solutions on the market today, in reality an organization can only implement a limited number of solutions. How does PPG evaluate IT Security risk? What are the biggest concerns? What is PPG doing as a defense against both internal and external threats?

 

 

Biography:

 

Prior to his current position, Mr. Wagner spent two years in Europe as the IT Manager for PPG Refinish Europe and served as the Manager, Global HR Systems in Pittsburgh. Prior to PPG, Mr. Wagner worked in the security field for Electronic Warfare Associates (of Herndon, Virginia) and also was with the former Digital Equipment Corporation for ten years.
Mr. Wagner holds a dual Computer Science and Business Administration degree and an MBA from the University of Pittsburgh.

 

 

 


 

December 10

 

Speaker

Trent Jaeger

 

 

Title

Linux Security Analysis Project

 

Abstract:
The Linux Security Analysis project aims to apply analysis tools to improve our ability to make meaningful security guarantees. Over the last 20-30 years, the achievement of classical, high assurance security has not proven practical for commercial systems. As a result, commercial security is an ad hoc combination of experience and manual specifications. Recent systems improvements may improve our ability to build secure systems, but they cannot be leveraged given our current approach to building secure systems. Our security approach, which we call "Analytic Integrity," is based on classical models, but replaces their impractical requirements with measurements that can be validated. The goal of the Linux Security Analysis Project is to build analysis tools that support measurement and verification of Analytic Integrity goals. In this talk, we discuss the Analytic Integrity approach and our experiences building analysis tools to support this approach. These tools include tools for source code analysis, policy analysis, and integrity measurement for the Linux kernel. We describe the use of these tools in securing target applications on the Linux 2.6 system.

 

Biography:

Trent Jaeger is a Research Staff Member at the IBM T. J. Watson Research Center. He works in the Network Security Department, where he is the project lead of the Linux Security Analysis project, which investigates the development of tools to improve the security of Linux. Trent's research interests include access control, source code and policy analysis tools, and operating systems. He has published over 40 refereed research papers on these subjects. Also, he has been a member of the program committee for several major security conferences, and is the inaugural Program Chair for the Industrial Experience track for ACM Conference on Computer and Communications Security in 2003. Trent has an M.S. and a Ph.D. from the University of Michigan, Ann Arbor in Computer Science and Engineering in 1993 and 1997, respectively.

 

 


 
